0

I'm hosting a service on port 3000. Using Apache, I made it so https://git.mywebsite.com proxies over to http://mywebsite.com:3000. Now, if I input the following command:

sudo iptables -A INPUT -p tcp --dport 3000 -j DROP

It does prevent external users from accessing http://mywebsite.com:3000, but now Apache can no longer access it internally either, which means https://git.mywebsite.com is down as well. Is there a way to fix this?

lolc

1 Answer

1

I assume your Apache2 proxy uses localhost:3000 as the proxy destination.

The best option is to configure your service so that it binds only to the 127.0.0.1:3000 address on startup, not to 0.0.0.0:3000. This prevents anyone from outside from connecting to that service.

The second option is to use iptables as follows:

sudo iptables -A INPUT -i <IFNAME> -p tcp --dport 3000 -j DROP

Where <IFNAME> is the name of your Internet-facing interface.

Tero Kilkanen
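A way to check the first option in the answer above, as an added example that is not part of the original question or answer: it reads listener lines in the format printed by `ss -ltnH` and reports any bind on the port that is not loopback-only. The function name `exposed_listeners` and both sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post).
# exposed_listeners PORT: reads `ss -ltnH`-style lines on stdin and prints each
# non-loopback local address listening on PORT.
# Exit status: 0 if the port is loopback-only or unused, 1 if it is exposed.
exposed_listeners() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            local_addr = $4
            # Split addr:port at the last colon (IPv6 addresses contain colons).
            n = match(local_addr, /:[0-9]+$/)
            if (n == 0) next
            addr = substr(local_addr, 1, n - 1)
            p = substr(local_addr, n + 1)
            if (p != port) next
            # Loopback binds: 127.0.0.0/8, ::1 and IPv4-mapped 127.x.
            if (addr ~ /^127\./ || addr ~ /^\[::1\]/ || addr ~ /^\[::ffff:127\./) next
            print addr
            found = 1
        }
        END { exit found ? 1 : 0 }
    '
}

# Constructed sample: service bound to all interfaces, as in the question.
SAMPLE_WILDCARD='LISTEN 0 511 0.0.0.0:3000 0.0.0.0:*
LISTEN 0 511 [::]:3000 [::]:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'

# Constructed sample: service rebound to 127.0.0.1, Apache still listening on 443.
SAMPLE_LOOPBACK='LISTEN 0 511 127.0.0.1:3000 0.0.0.0:*
LISTEN 0 511 *:443 *:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'

for sample in "$SAMPLE_WILDCARD" "$SAMPLE_LOOPBACK"; do
    if printf '%s\n' "$sample" | exposed_listeners 3000; then
        echo "port 3000: loopback only"
    else
        echo "port 3000: reachable on the addresses listed above"
    fi
done
```

On a live host, feed it real data with `ss -ltnH | exposed_listeners 3000`; an address such as `0.0.0.0` or `[::]` in the output means the service still accepts connections that bypass the Apache proxy.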